If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

wireless MAC changer

I was setting up a wireless 802.11g network a weekend or so ago and I set in place all possible measures that I know of to "secure" the WAP/router and WLAN. (I tried to talk em into running wires.. but they insisted on w/less. I even explained to them the dangers and etc.)

There isn't much info on the computers and it is really only used for web surfing.

Well, I changed the default name and disabled the broadcast of SSID, enabled the 128-bit WEP, disabled DHCP, changed the default admin password, and put in place MAC filtering. I even put it on a subnet that isn't the defualt... ex. 10.96.128.x whatever, I just pulled one out of the air.

I know that the WEP can be cracked given enough time, and the ip(s) and ssid can also be grabbed. So, I was mainly relying on the MAC filtering...

I'm pretty new to securnig WLANs and WAPs... is there any way to detect a spoofed MAC?

There would be a conflict when the other MAC was in use, but when it wasn't in use... how can you detect it?

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

recently completed a white paper that demonstrates some techniques
that can be used for detecting spoofed MAC addresses on 802.11
networks. In this paper I identify tactics that can be used to
identify the use of the Wellenreiter, FakeAP and AirJack tools
through anomaly analysis. Here is the abstract:

Wow... the first thing that came up in google... I guess I should have searched before I posed.

/me bangs head on desk over and over again till I hear google ringing in the back of my head...

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Rogue AP attack
In a rogue AP attack, the attacker employs an AP (masqueraded as a legitimate AP in a given hotspot) connected to an
MS, as depicted in Figure 1. Based on signal strength, an unsuspecting MS may connect to the rogue AP and start to
perform authentication. Since no messages can be integrity protected before authentication, the attacker substitutes the
MAC/IP address-pair of his own MS and relays the authentication messages to a legitimate AP. In this way, the
authentication procedure binds the MAC/IP address-pair of the attacking MS to the credentials of the legitimate user.
As a consequence, the attacker gains access to anything the legitimate user would, while the legitimate user is denied
access. This attack is only applicable if the authentication does not result in encryption/integrity keys to protect the
session.

Figure 1. Rogue AP used for man-in-the-middle attacks
The same equipment may also be used to redirect a user’s traffic to a completely different network. That is, the attacker may trick the user into believing that he is accessing the given WRAN, when he in fact is connected to a network of the
attacker’s choice.